@backstage/plugin-kubernetes-backend 0.11.6-next.3 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/alpha/package.json +1 -1
- package/dist/index.cjs.js +265 -213
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +77 -73
- package/package.json +17 -18
package/dist/index.d.ts
CHANGED
|
@@ -1,22 +1,43 @@
|
|
|
1
1
|
import { Entity } from '@backstage/catalog-model';
|
|
2
2
|
import { Logger } from 'winston';
|
|
3
3
|
import { JsonObject } from '@backstage/types';
|
|
4
|
-
import { KubernetesFetchError, FetchResponse, CustomResourceMatcher, KubernetesRequestBody,
|
|
4
|
+
import { KubernetesRequestAuth, KubernetesFetchError, FetchResponse, CustomResourceMatcher, KubernetesRequestBody, ObjectsByEntityResponse } from '@backstage/plugin-kubernetes-common';
|
|
5
5
|
import { Config } from '@backstage/config';
|
|
6
6
|
import { TokenCredential } from '@azure/identity';
|
|
7
7
|
import { CatalogApi } from '@backstage/catalog-client';
|
|
8
8
|
import { PermissionEvaluator } from '@backstage/plugin-permission-common';
|
|
9
|
-
import express
|
|
9
|
+
import express from 'express';
|
|
10
10
|
import { Duration } from 'luxon';
|
|
11
|
+
import { RequestHandler } from 'http-proxy-middleware';
|
|
11
12
|
import { PluginEndpointDiscovery } from '@backstage/backend-common';
|
|
12
13
|
|
|
14
|
+
/**
|
|
15
|
+
* Authentication data used to make a request to Kubernetes
|
|
16
|
+
* @public
|
|
17
|
+
*/
|
|
18
|
+
type KubernetesCredential = {
|
|
19
|
+
type: 'bearer token';
|
|
20
|
+
token: string;
|
|
21
|
+
} | {
|
|
22
|
+
type: 'anonymous';
|
|
23
|
+
};
|
|
24
|
+
/**
|
|
25
|
+
*
|
|
26
|
+
* @public
|
|
27
|
+
*/
|
|
28
|
+
interface AuthenticationStrategy {
|
|
29
|
+
getCredential(clusterDetails: ClusterDetails, authConfig: KubernetesRequestAuth): Promise<KubernetesCredential>;
|
|
30
|
+
validateCluster(authMetadata: AuthMetadata): Error[];
|
|
31
|
+
}
|
|
32
|
+
|
|
13
33
|
/**
|
|
14
34
|
*
|
|
15
35
|
* @public
|
|
16
36
|
*/
|
|
17
37
|
interface ObjectFetchParams {
|
|
18
38
|
serviceId: string;
|
|
19
|
-
clusterDetails:
|
|
39
|
+
clusterDetails: ClusterDetails;
|
|
40
|
+
credential: KubernetesCredential;
|
|
20
41
|
objectTypesToFetch: Set<ObjectToFetch>;
|
|
21
42
|
labelSelector: string;
|
|
22
43
|
customResources: CustomResource[];
|
|
@@ -29,7 +50,7 @@ interface ObjectFetchParams {
|
|
|
29
50
|
*/
|
|
30
51
|
interface KubernetesFetcher {
|
|
31
52
|
fetchObjectsForService(params: ObjectFetchParams): Promise<FetchResponseWrapper>;
|
|
32
|
-
fetchPodMetricsByNamespaces(clusterDetails: ClusterDetails, namespaces: Set<string>, labelSelector?: string): Promise<FetchResponseWrapper>;
|
|
53
|
+
fetchPodMetricsByNamespaces(clusterDetails: ClusterDetails, credential: KubernetesCredential, namespaces: Set<string>, labelSelector?: string): Promise<FetchResponseWrapper>;
|
|
33
54
|
}
|
|
34
55
|
/**
|
|
35
56
|
*
|
|
@@ -95,6 +116,11 @@ interface KubernetesServiceLocator {
|
|
|
95
116
|
* @public
|
|
96
117
|
*/
|
|
97
118
|
type ServiceLocatorMethod = 'multiTenant' | 'http';
|
|
119
|
+
/**
|
|
120
|
+
* Provider-specific authentication configuration
|
|
121
|
+
* @public
|
|
122
|
+
*/
|
|
123
|
+
type AuthMetadata = Record<string, string>;
|
|
98
124
|
/**
|
|
99
125
|
*
|
|
100
126
|
* @public
|
|
@@ -105,12 +131,7 @@ interface ClusterDetails {
|
|
|
105
131
|
*/
|
|
106
132
|
name: string;
|
|
107
133
|
url: string;
|
|
108
|
-
|
|
109
|
-
serviceAccountToken?: string | undefined;
|
|
110
|
-
/**
|
|
111
|
-
* oidc provider used to get id tokens to authenticate against kubernetes
|
|
112
|
-
*/
|
|
113
|
-
oidcTokenProvider?: string | undefined;
|
|
134
|
+
authMetadata: AuthMetadata;
|
|
114
135
|
skipTLSVerify?: boolean;
|
|
115
136
|
/**
|
|
116
137
|
* Whether to skip the lookup to the metrics server to retrieve pod resource usage.
|
|
@@ -157,32 +178,6 @@ interface ClusterDetails {
|
|
|
157
178
|
*/
|
|
158
179
|
customResources?: CustomResourceMatcher[];
|
|
159
180
|
}
|
|
160
|
-
/**
|
|
161
|
-
*
|
|
162
|
-
* @public
|
|
163
|
-
*/
|
|
164
|
-
interface GKEClusterDetails extends ClusterDetails {
|
|
165
|
-
}
|
|
166
|
-
/**
|
|
167
|
-
*
|
|
168
|
-
* @public
|
|
169
|
-
*/
|
|
170
|
-
interface AzureClusterDetails extends ClusterDetails {
|
|
171
|
-
}
|
|
172
|
-
/**
|
|
173
|
-
*
|
|
174
|
-
* @public
|
|
175
|
-
*/
|
|
176
|
-
interface ServiceAccountClusterDetails extends ClusterDetails {
|
|
177
|
-
}
|
|
178
|
-
/**
|
|
179
|
-
*
|
|
180
|
-
* @public
|
|
181
|
-
*/
|
|
182
|
-
interface AWSClusterDetails extends ClusterDetails {
|
|
183
|
-
assumeRole?: string;
|
|
184
|
-
externalId?: string;
|
|
185
|
-
}
|
|
186
181
|
/**
|
|
187
182
|
*
|
|
188
183
|
* @public
|
|
@@ -228,16 +223,18 @@ interface KubernetesObjectsProvider {
|
|
|
228
223
|
*
|
|
229
224
|
* @public
|
|
230
225
|
*/
|
|
231
|
-
declare class
|
|
232
|
-
|
|
226
|
+
declare class AksStrategy implements AuthenticationStrategy {
|
|
227
|
+
getCredential(_: ClusterDetails, requestAuth: KubernetesRequestAuth): Promise<KubernetesCredential>;
|
|
228
|
+
validateCluster(): Error[];
|
|
233
229
|
}
|
|
234
230
|
|
|
235
231
|
/**
|
|
236
232
|
*
|
|
237
233
|
* @public
|
|
238
234
|
*/
|
|
239
|
-
|
|
240
|
-
|
|
235
|
+
declare class AnonymousStrategy implements AuthenticationStrategy {
|
|
236
|
+
getCredential(): Promise<KubernetesCredential>;
|
|
237
|
+
validateCluster(): Error[];
|
|
241
238
|
}
|
|
242
239
|
|
|
243
240
|
/**
|
|
@@ -253,27 +250,28 @@ type SigningCreds = {
|
|
|
253
250
|
*
|
|
254
251
|
* @public
|
|
255
252
|
*/
|
|
256
|
-
declare class
|
|
253
|
+
declare class AwsIamStrategy implements AuthenticationStrategy {
|
|
257
254
|
private readonly credsManager;
|
|
258
255
|
constructor(opts: {
|
|
259
256
|
config: Config;
|
|
260
257
|
});
|
|
258
|
+
getCredential(clusterDetails: ClusterDetails): Promise<KubernetesCredential>;
|
|
259
|
+
validateCluster(): Error[];
|
|
261
260
|
private getBearerToken;
|
|
262
|
-
decorateClusterDetailsWithAuth(clusterDetails: AWSClusterDetails): Promise<AWSClusterDetails>;
|
|
263
261
|
}
|
|
264
262
|
|
|
265
263
|
/**
|
|
266
264
|
*
|
|
267
265
|
* @public
|
|
268
266
|
*/
|
|
269
|
-
declare class
|
|
267
|
+
declare class AzureIdentityStrategy implements AuthenticationStrategy {
|
|
270
268
|
private readonly logger;
|
|
271
269
|
private readonly tokenCredential;
|
|
272
270
|
private accessToken;
|
|
273
271
|
private newTokenPromise;
|
|
274
272
|
constructor(logger: Logger, tokenCredential?: TokenCredential);
|
|
275
|
-
|
|
276
|
-
|
|
273
|
+
getCredential(): Promise<KubernetesCredential>;
|
|
274
|
+
validateCluster(): Error[];
|
|
277
275
|
private fetchNewToken;
|
|
278
276
|
private tokenRequiresRefresh;
|
|
279
277
|
private tokenExpired;
|
|
@@ -283,51 +281,56 @@ declare class AzureIdentityKubernetesAuthTranslator implements KubernetesAuthTra
|
|
|
283
281
|
*
|
|
284
282
|
* @public
|
|
285
283
|
*/
|
|
286
|
-
declare class
|
|
287
|
-
|
|
284
|
+
declare class GoogleStrategy implements AuthenticationStrategy {
|
|
285
|
+
getCredential(_: ClusterDetails, requestAuth: KubernetesRequestAuth): Promise<KubernetesCredential>;
|
|
286
|
+
validateCluster(): Error[];
|
|
288
287
|
}
|
|
289
288
|
|
|
290
289
|
/**
|
|
291
290
|
*
|
|
292
291
|
* @public
|
|
293
292
|
*/
|
|
294
|
-
declare class
|
|
295
|
-
|
|
293
|
+
declare class GoogleServiceAccountStrategy implements AuthenticationStrategy {
|
|
294
|
+
getCredential(): Promise<KubernetesCredential>;
|
|
295
|
+
validateCluster(): Error[];
|
|
296
296
|
}
|
|
297
297
|
|
|
298
298
|
/**
|
|
299
299
|
*
|
|
300
300
|
* @public
|
|
301
301
|
*/
|
|
302
|
-
type
|
|
303
|
-
|
|
304
|
-
[key: string]:
|
|
302
|
+
type DispatchStrategyOptions = {
|
|
303
|
+
authStrategyMap: {
|
|
304
|
+
[key: string]: AuthenticationStrategy;
|
|
305
305
|
};
|
|
306
306
|
};
|
|
307
307
|
/**
|
|
308
|
-
* used to direct a KubernetesAuthProvider to its corresponding
|
|
308
|
+
* used to direct a KubernetesAuthProvider to its corresponding AuthenticationStrategy
|
|
309
309
|
* @public
|
|
310
310
|
*/
|
|
311
|
-
declare class
|
|
312
|
-
private readonly
|
|
313
|
-
constructor(options:
|
|
314
|
-
|
|
311
|
+
declare class DispatchStrategy implements AuthenticationStrategy {
|
|
312
|
+
private readonly strategyMap;
|
|
313
|
+
constructor(options: DispatchStrategyOptions);
|
|
314
|
+
getCredential(clusterDetails: ClusterDetails, auth: KubernetesRequestAuth): Promise<KubernetesCredential>;
|
|
315
|
+
validateCluster(authMetadata: AuthMetadata): Error[];
|
|
315
316
|
}
|
|
316
317
|
|
|
317
318
|
/**
|
|
318
319
|
*
|
|
319
320
|
* @public
|
|
320
321
|
*/
|
|
321
|
-
declare class
|
|
322
|
-
|
|
322
|
+
declare class ServiceAccountStrategy implements AuthenticationStrategy {
|
|
323
|
+
getCredential(clusterDetails: ClusterDetails): Promise<KubernetesCredential>;
|
|
324
|
+
validateCluster(): Error[];
|
|
323
325
|
}
|
|
324
326
|
|
|
325
327
|
/**
|
|
326
328
|
*
|
|
327
329
|
* @public
|
|
328
330
|
*/
|
|
329
|
-
declare class
|
|
330
|
-
|
|
331
|
+
declare class OidcStrategy implements AuthenticationStrategy {
|
|
332
|
+
getCredential(clusterDetails: ClusterDetails, authConfig: KubernetesRequestAuth): Promise<KubernetesCredential>;
|
|
333
|
+
validateCluster(authMetadata: AuthMetadata): Error[];
|
|
331
334
|
}
|
|
332
335
|
|
|
333
336
|
/**
|
|
@@ -358,7 +361,7 @@ type KubernetesProxyCreateRequestHandlerOptions = {
|
|
|
358
361
|
type KubernetesProxyOptions = {
|
|
359
362
|
logger: Logger;
|
|
360
363
|
clusterSupplier: KubernetesClustersSupplier;
|
|
361
|
-
|
|
364
|
+
authStrategy: AuthenticationStrategy;
|
|
362
365
|
};
|
|
363
366
|
/**
|
|
364
367
|
* A proxy that routes requests to the Kubernetes API.
|
|
@@ -369,7 +372,7 @@ declare class KubernetesProxy {
|
|
|
369
372
|
private readonly middlewareForClusterName;
|
|
370
373
|
private readonly logger;
|
|
371
374
|
private readonly clusterSupplier;
|
|
372
|
-
private readonly
|
|
375
|
+
private readonly authStrategy;
|
|
373
376
|
constructor(options: KubernetesProxyOptions);
|
|
374
377
|
createRequestHandler(options: KubernetesProxyCreateRequestHandlerOptions): RequestHandler;
|
|
375
378
|
private getMiddleware;
|
|
@@ -399,8 +402,8 @@ type KubernetesBuilderReturn = Promise<{
|
|
|
399
402
|
proxy: KubernetesProxy;
|
|
400
403
|
objectsProvider: KubernetesObjectsProvider;
|
|
401
404
|
serviceLocator: KubernetesServiceLocator;
|
|
402
|
-
|
|
403
|
-
[key: string]:
|
|
405
|
+
authStrategyMap: {
|
|
406
|
+
[key: string]: AuthenticationStrategy;
|
|
404
407
|
};
|
|
405
408
|
}>;
|
|
406
409
|
/**
|
|
@@ -415,7 +418,7 @@ declare class KubernetesBuilder {
|
|
|
415
418
|
private fetcher?;
|
|
416
419
|
private serviceLocator?;
|
|
417
420
|
private proxy?;
|
|
418
|
-
private
|
|
421
|
+
private authStrategyMap?;
|
|
419
422
|
static createBuilder(env: KubernetesEnvironment): KubernetesBuilder;
|
|
420
423
|
constructor(env: KubernetesEnvironment);
|
|
421
424
|
build(): KubernetesBuilderReturn;
|
|
@@ -425,9 +428,10 @@ declare class KubernetesBuilder {
|
|
|
425
428
|
setFetcher(fetcher?: KubernetesFetcher): this;
|
|
426
429
|
setServiceLocator(serviceLocator?: KubernetesServiceLocator): this;
|
|
427
430
|
setProxy(proxy?: KubernetesProxy): this;
|
|
428
|
-
|
|
429
|
-
[key: string]:
|
|
431
|
+
setAuthStrategyMap(authStrategyMap: {
|
|
432
|
+
[key: string]: AuthenticationStrategy;
|
|
430
433
|
}): void;
|
|
434
|
+
addAuthStrategy(key: string, strategy: AuthenticationStrategy): this;
|
|
431
435
|
protected buildCustomResources(): CustomResource[];
|
|
432
436
|
protected buildClusterSupplier(refreshInterval: Duration): KubernetesClustersSupplier;
|
|
433
437
|
protected buildObjectsProvider(options: KubernetesObjectsProviderOptions): KubernetesObjectsProvider;
|
|
@@ -437,8 +441,8 @@ declare class KubernetesBuilder {
|
|
|
437
441
|
protected buildHttpServiceLocator(_clusterSupplier: KubernetesClustersSupplier): KubernetesServiceLocator;
|
|
438
442
|
protected buildProxy(logger: Logger, clusterSupplier: KubernetesClustersSupplier): KubernetesProxy;
|
|
439
443
|
protected buildRouter(objectsProvider: KubernetesObjectsProvider, clusterSupplier: KubernetesClustersSupplier, catalogApi: CatalogApi, proxy: KubernetesProxy, permissionApi: PermissionEvaluator): express.Router;
|
|
440
|
-
protected
|
|
441
|
-
[key: string]:
|
|
444
|
+
protected buildAuthStrategyMap(): {
|
|
445
|
+
[key: string]: AuthenticationStrategy;
|
|
442
446
|
};
|
|
443
447
|
protected fetchClusterDetails(clusterSupplier: KubernetesClustersSupplier): Promise<ClusterDetails[]>;
|
|
444
448
|
protected getServiceLocatorMethod(): ServiceLocatorMethod;
|
|
@@ -448,8 +452,8 @@ declare class KubernetesBuilder {
|
|
|
448
452
|
protected getObjectsProvider(options: KubernetesObjectsProviderOptions): KubernetesObjectsProvider;
|
|
449
453
|
protected getObjectTypesToFetch(): ObjectToFetch[] | undefined;
|
|
450
454
|
protected getProxy(logger: Logger, clusterSupplier: KubernetesClustersSupplier): KubernetesProxy;
|
|
451
|
-
protected
|
|
452
|
-
[key: string]:
|
|
455
|
+
protected getAuthStrategyMap(): {
|
|
456
|
+
[key: string]: AuthenticationStrategy;
|
|
453
457
|
};
|
|
454
458
|
}
|
|
455
459
|
|
|
@@ -488,4 +492,4 @@ interface RouterOptions {
|
|
|
488
492
|
*/
|
|
489
493
|
declare function createRouter(options: RouterOptions): Promise<express.Router>;
|
|
490
494
|
|
|
491
|
-
export {
|
|
495
|
+
export { AksStrategy, AnonymousStrategy, AuthMetadata, AuthenticationStrategy, AwsIamStrategy, AzureIdentityStrategy, ClusterDetails, CustomResource, CustomResourcesByEntity, DEFAULT_OBJECTS, DispatchStrategy, DispatchStrategyOptions, FetchResponseWrapper, GoogleServiceAccountStrategy, GoogleStrategy, HEADER_KUBERNETES_AUTH, HEADER_KUBERNETES_CLUSTER, KubernetesBuilder, KubernetesBuilderReturn, KubernetesClustersSupplier, KubernetesCredential, KubernetesEnvironment, KubernetesFetcher, KubernetesObjectTypes, KubernetesObjectsByEntity, KubernetesObjectsProvider, KubernetesObjectsProviderOptions, KubernetesProxy, KubernetesProxyCreateRequestHandlerOptions, KubernetesProxyOptions, KubernetesServiceLocator, ObjectFetchParams, ObjectToFetch, ObjectsByEntityRequest, OidcStrategy, RouterOptions, ServiceAccountStrategy, ServiceLocatorMethod, ServiceLocatorRequestContext, SigningCreds, createRouter };
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-kubernetes-backend",
|
|
3
3
|
"description": "A Backstage backend plugin that integrates towards Kubernetes",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.12.0",
|
|
5
5
|
"main": "./dist/index.cjs.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
7
7
|
"license": "Apache-2.0",
|
|
@@ -49,23 +49,24 @@
|
|
|
49
49
|
"@aws-sdk/credential-providers": "^3.350.0",
|
|
50
50
|
"@aws-sdk/signature-v4": "^3.347.0",
|
|
51
51
|
"@azure/identity": "^3.2.1",
|
|
52
|
-
"@backstage/backend-common": "^0.19.5
|
|
53
|
-
"@backstage/backend-plugin-api": "^0.6.3
|
|
54
|
-
"@backstage/catalog-client": "^1.4.4
|
|
55
|
-
"@backstage/catalog-model": "^1.4.2
|
|
56
|
-
"@backstage/config": "^1.1.0
|
|
57
|
-
"@backstage/errors": "^1.2.2
|
|
58
|
-
"@backstage/integration-aws-node": "^0.1.6
|
|
59
|
-
"@backstage/plugin-auth-node": "^0.3.0
|
|
60
|
-
"@backstage/plugin-catalog-node": "^1.4.4
|
|
61
|
-
"@backstage/plugin-kubernetes-common": "^0.6.6
|
|
62
|
-
"@backstage/plugin-permission-common": "^0.7.8
|
|
63
|
-
"@backstage/plugin-permission-node": "^0.7.14
|
|
64
|
-
"@backstage/types": "^1.1.1
|
|
52
|
+
"@backstage/backend-common": "^0.19.5",
|
|
53
|
+
"@backstage/backend-plugin-api": "^0.6.3",
|
|
54
|
+
"@backstage/catalog-client": "^1.4.4",
|
|
55
|
+
"@backstage/catalog-model": "^1.4.2",
|
|
56
|
+
"@backstage/config": "^1.1.0",
|
|
57
|
+
"@backstage/errors": "^1.2.2",
|
|
58
|
+
"@backstage/integration-aws-node": "^0.1.6",
|
|
59
|
+
"@backstage/plugin-auth-node": "^0.3.0",
|
|
60
|
+
"@backstage/plugin-catalog-node": "^1.4.4",
|
|
61
|
+
"@backstage/plugin-kubernetes-common": "^0.6.6",
|
|
62
|
+
"@backstage/plugin-permission-common": "^0.7.8",
|
|
63
|
+
"@backstage/plugin-permission-node": "^0.7.14",
|
|
64
|
+
"@backstage/types": "^1.1.1",
|
|
65
65
|
"@google-cloud/container": "^4.0.0",
|
|
66
66
|
"@jest-mock/express": "^2.0.1",
|
|
67
67
|
"@kubernetes/client-node": "0.18.1",
|
|
68
68
|
"@types/express": "^4.17.6",
|
|
69
|
+
"@types/http-proxy-middleware": "^0.19.3",
|
|
69
70
|
"@types/luxon": "^3.0.0",
|
|
70
71
|
"compression": "^1.7.4",
|
|
71
72
|
"cors": "^2.8.5",
|
|
@@ -83,11 +84,9 @@
|
|
|
83
84
|
"yn": "^4.0.0"
|
|
84
85
|
},
|
|
85
86
|
"devDependencies": {
|
|
86
|
-
"@backstage/backend-test-utils": "^0.2.3
|
|
87
|
-
"@backstage/cli": "^0.22.13
|
|
87
|
+
"@backstage/backend-test-utils": "^0.2.3",
|
|
88
|
+
"@backstage/cli": "^0.22.13",
|
|
88
89
|
"@types/aws4": "^1.5.1",
|
|
89
|
-
"@types/http-proxy-middleware": "^0.19.3",
|
|
90
|
-
"cross-fetch": "^3.1.5",
|
|
91
90
|
"mock-fs": "^5.2.0",
|
|
92
91
|
"msw": "^1.0.0",
|
|
93
92
|
"supertest": "^6.1.3",
|